HA setup doc

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

HA setup doc

L3 Networker

I am looking for the setup documentation to setup HA when the devices aren't directly connected . We have a requirement to setup fail-over to recovery site reachable via IP . I have seen the doc to setup HA with the devices next to each other .

Thanks

1 accepted solution

Accepted Solutions

This is the document you want. This will walk you through setting up both HA1 and HA2 as L3 interfaces.

View solution in original post

12 REPLIES 12

L4 Transporter

There's really not that much difference. I have it setup right now with our passive device across town using a Metro Ethernet link. I have HA1 and HA2 on separate VLANs. You can setup HA2 as a L3 interface, but I haven't had a problem using it in L2 for nearly five years.

You just have to watch your timers and STP setup. The attached document should help there.

Hi,

The boxes are 2020s and there are no vlans .

This is the document you want. This will walk you through setting up both HA1 and HA2 as L3 interfaces.

I have that doc and used it for HA when the boxes are next to each other . What settings do i need to change to setup it when there are separate environments. As i said the boxes are 2020 . I usually setup ports 11 and 12 . 11 being the control link and 12 being the data link

L4 Transporter

Do you not have a link between these two locations?

yes we do . There  is fiber based MPLS network  .

Another thing is we want to setup an ipsec vpn b/w the two sites .

I am looking at the doc again and it says the control link if on separate broadcast  domains you need to specify the gateway only . The two sites are on separate domains as each has a router . So the IP of the gateway is the public address of each unit .  So on both the control and data link all we need to setup are the gateway ips and on the data link select IP for transport . Am I correct ?

Thanks

Roland,

      If you have connectivity between the two sites then yes, you just need to add the gateway that the HA port will use to reach the other firewall.

L4 Transporter

Roland,

     Did you need additional information?

I can't speak for Palo Alto, but I know a lot of vendors frown upon using HA across a WAN link.

Hey,

No . Thanks

  • 1 accepted solution
  • 5008 Views
  • 12 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!